The incidence of credential phishing Indicators of Compromise (IOCs) rose by almost 45% in the third quarter.

In Q3 2023, a surge of campaigns using both new and traditional methods was observed. These campaigns reached users in environments protected by Secure Email Gateways (SEGs). The volume of credential phishing and malware campaigns rose noticeably during the quarter. Additionally, Cofense Intelligence noted a revival of certain malware families that had been dormant.

Nov 10, 2023 - 08:00

The third quarter of 2023 brought a surge in both new and familiar threat techniques, challenging environments protected by secure email gateways (SEGs). The volume of credential phishing and malware campaigns rose notably. Cofense Intelligence observed a revival of certain malware families that were previously less dominant, while prominent threats like QakBot and Emotet remained dormant.

Key observations for Q3 2023 are as follows:
- There was a significant rise in credential phishing indicators of compromise (IOCs), with a nearly 45% increase from Q2 and an 85% increase from Q3 of the previous year.
- The use of QR codes in phishing emails, embedded within images and PDFs, became more prevalent. This trend is likely attributable to the difficulty security systems have scrutinizing embedded links and content compared with plain email content.
- PDFs continued to be the favored attachment type for phishing emails among threat actors, accounting for almost half of the malicious file extensions observed in email campaigns this quarter.
- Emotet and QakBot remained inactive throughout Q3. QakBot has been silent since Q2 2023, and Emotet since Q1 2023. QakBot's silence is possibly linked to an FBI takedown, which could pave the way for a new botnet to emerge.
- A rise was noted in the use of reconnaissance and utility tool malware, such as Browser Password Dump Utility or Email Password Dump Utility, making this category the fifth most prevalent malware type for the quarter.

For a comprehensive analysis and detailed insights, download the full 2023 Q3 Report.